@enactprotocol/shared 1.2.8 → 1.2.9

package/dist/api/enact-api.d.ts

@@ -1,4 +1,4 @@
-import { EnactToolDefinition, ToolUsage, ToolSearchQuery, CLITokenCreate, OAuthTokenExchange } from "./types";
+import { EnactToolDefinition, ToolSignaturePayload, ToolUsage, ToolSearchQuery, CLITokenCreate, OAuthTokenExchange } from "./types";
 export declare class EnactApiClient {
     baseUrl: string;
     supabaseUrl: string;
@@ -100,6 +100,7 @@ export declare class EnactApiClient {
      * Get a user's public key
      */
     getUserPublicKey(userId: string): Promise<any>;
+    signTool(toolId: string, payload: ToolSignaturePayload, token: string, tokenType?: "jwt" | "cli"): Promise<any>;
     /**
      * Generate OAuth authorization URL
      */

package/dist/api/enact-api.js

@@ -343,6 +343,13 @@ export class EnactApiClient {
             throw new EnactApiError("Unknown error occurred", 0);
         }
     }
+    async signTool(toolId, payload, token, tokenType = "cli") {
+        const endpoint = `/functions/v1/tools/${encodeURIComponent(toolId)}/signatures`;
+        return this.makeRequest(endpoint, {
+            method: "POST",
+            body: JSON.stringify(payload),
+        }, token, tokenType);
+    }
     // ===================
     // OAUTH FLOW HELPERS
     // ===================

package/dist/api/types.d.ts

@@ -1,6 +1,7 @@
 export interface EnactToolDefinition {
     name: string;
     description: string;
+    verified?: boolean;
     command: string;
     from?: string;
     version?: string;
@@ -89,3 +90,14 @@ export interface EnactExecOptions {
     dangerouslySkipVerification?: boolean;
     mount?: string;
 }
+export interface ToolSignaturePayload {
+    algorithm: "sha256";
+    created: string;
+    key_id: string;
+    public_key: string;
+    role: "author";
+    signer: string;
+    timestamp: number;
+    type: "ecdsa-p256";
+    value: string;
+}

package/dist/core/EnactCore.d.ts

@@ -1,4 +1,5 @@
 import type { EnactTool, ExecutionResult } from "../types.js";
+import { EnactToolDefinition } from "../api/types.js";
 export interface EnactCoreOptions {
     apiUrl?: string;
     supabaseUrl?: string;
@@ -67,6 +68,7 @@ export declare class EnactCore {
      * Execute a tool by name
      */
     executeToolByName(name: string, inputs?: Record<string, any>, options?: ToolExecuteOptions): Promise<ExecutionResult>;
+    static checkToolVerificationStatus(tool: EnactToolDefinition): Promise<boolean>;
     private verifyTool;
     /**
      * Execute a tool directly

package/dist/core/EnactCore.js

@@ -5,7 +5,7 @@ import { DaggerExecutionProvider } from "./DaggerExecutionProvider.js";
 import { resolveToolEnvironmentVariables } from "../utils/env-loader.js";
 import logger from "../exec/logger.js";
 import yaml from "yaml";
-import { CryptoUtils, SecurityConfigManager, SigningService } from "@enactprotocol/security";
+import { SecurityConfigManager, SigningService } from "@enactprotocol/security";
 import { getFrontendUrl, getApiUrl } from "../utils/config";
 export class EnactCore {
     constructor(options = {}) {
@@ -278,6 +278,33 @@ export class EnactCore {
             };
         }
     }
+    static async checkToolVerificationStatus(tool) {
+        const documentForVerification = {
+            command: tool.command,
+            description: tool.description,
+            from: tool.from,
+            name: tool.name,
+            signatures: tool.signatures?.map(sig => ({
+                signature: sig.value,
+                publicKey: "", // TODO: Look up the correct public key
+                algorithm: sig.algorithm,
+                timestamp: new Date(sig.created).getTime(),
+            })),
+        };
+        let isValid = false;
+        if (tool.signatures && tool.signatures.length > 0) {
+            isValid = tool.signatures.some(sig => {
+                const referenceSignature = {
+                    signature: sig.value,
+                    publicKey: "", // TODO: Lookup correct public key based on signature UUID
+                    algorithm: sig.algorithm,
+                    timestamp: new Date(sig.created).getTime()
+                };
+                return SigningService.verifyDocument(documentForVerification, referenceSignature, { includeFields: ['command', 'description', 'from', 'name'] });
+            });
+        }
+        return isValid;
+    }
     async verifyTool(tool, dangerouslySkipVerification = false) {
         if (dangerouslySkipVerification) {
             logger.warn(`Skipping signature verification for tool: ${tool.name}`);
@@ -287,28 +314,33 @@ export class EnactCore {
             if (!tool.signatures || tool.signatures.length === 0) {
                 throw new Error(`Tool ${tool.name} does not have any signatures`);
             }
-            const documentForVerification = {
-                command: tool.command,
-                description: tool.description,
-                from: tool.from,
-                name: tool.name,
-            };
-            const referenceSignature = {
-                signature: tool.signatures[0].value,
-                publicKey: "", // Correct public key for UUID 71e02e2c-148c-4534-9900-bd9646e99333
-                algorithm: tool.signatures[0].algorithm,
-                timestamp: new Date(tool.signatures[0].created).getTime()
-            };
-            // Check what canonical document looks like
-            const canonicalDoc = SigningService.getCanonicalDocument(documentForVerification, { includeFields: ['command', 'description', 'from', 'name'] });
-            const docString = JSON.stringify(canonicalDoc);
-            const messageHash = CryptoUtils.hash(docString);
-            // Test direct crypto verification
-            const directVerify = CryptoUtils.verify(referenceSignature.publicKey, messageHash, referenceSignature.signature);
+            // const documentForVerification = {
+            // 	command: tool.command,
+            // 	description: tool.description,
+            // 	from: tool.from,
+            // 	name: tool.name,
+            // };
+            // const referenceSignature = {
+            // 		signature: tool.signatures[0].value,
+            // 		publicKey: "", // Correct public key for UUID 71e02e2c-148c-4534-9900-bd9646e99333
+            // 		algorithm: tool.signatures[0].algorithm,
+            // 		timestamp: new Date(tool.signatures[0].created).getTime()
+            // 	};
+            //         // Check what canonical document looks like
+            //         const canonicalDoc = SigningService.getCanonicalDocument(documentForVerification,     { includeFields:  ['command', 'description', 'from', 'name'] } 
+            // );
+            //         const docString = JSON.stringify(canonicalDoc);
+            //         const messageHash = CryptoUtils.hash(docString);
+            //         // Test direct crypto verification
+            //         const directVerify = CryptoUtils.verify(
+            //             referenceSignature.publicKey,
+            //             messageHash,
+            //             referenceSignature.signature
+            //         );
             // Check trusted keys
             // const trustedKeys = KeyManager.getAllTrustedPublicKeys();
-            const isValid = SigningService.verifyDocument(documentForVerification, referenceSignature, { includeFields: ['command', 'description', 'from', 'name'] });
-            // console.log("Final verification result:", isValid);
+            const isValid = await EnactCore.checkToolVerificationStatus(tool);
+            console.log("Final verification result:", isValid);
             if (!isValid) {
                 throw new Error(`Tool ${tool.name} has invalid signatures`);
             }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@enactprotocol/shared",
-  "version": "1.2.8",
+  "version": "1.2.9",
   "description": "Shared utilities and core functionality for Enact Protocol",
   "type": "module",
   "main": "./dist/index.js",

package/src/api/enact-api.ts

@@ -1,5 +1,6 @@
 import {
 	EnactToolDefinition,
+	ToolSignaturePayload,
 	ToolUsage,
 	ToolSearchQuery,
 	CLITokenCreate,
@@ -480,6 +481,20 @@ export class EnactApiClient {
 			throw new EnactApiError("Unknown error occurred", 0);
 		}
 	}
+	
+	async signTool(
+	toolId: string,
+	payload: ToolSignaturePayload,
+	token: string,
+	tokenType: "jwt" | "cli" = "cli"
+): Promise<any> {
+	const endpoint = `/functions/v1/tools/${encodeURIComponent(toolId)}/signatures`;
+
+	return this.makeRequest(endpoint, {
+		method: "POST",
+		body: JSON.stringify(payload),
+	}, token, tokenType);
+}
 
 	// ===================
 	// OAUTH FLOW HELPERS

package/src/api/types.ts

@@ -1,6 +1,7 @@
 export interface EnactToolDefinition {
 	name: string;
 	description: string;
+	verified?: boolean; // Indicates if the tool has been verified
 	command: string;
 	from?: string;
 	version?: string;
@@ -99,3 +100,15 @@ export interface EnactExecOptions {
 	dangerouslySkipVerification?: boolean; // Skip all signature verification (DANGEROUS)
 	mount?: string; // Mount local directory to container (format: "local:container")
 }
+
+export interface ToolSignaturePayload {
+	algorithm: "sha256";
+	created: string; // Time of signing
+	key_id: string; // ID of the private key
+	public_key: string; // The corresponding public key
+	role: "author";
+	signer: string; // The userID of the signer
+	timestamp: number;
+	type: "ecdsa-p256";
+	value: string; // Signature
+}

package/src/core/EnactCore.ts

@@ -19,6 +19,7 @@ import fs from "fs";
 import path from "path";
 import { CryptoUtils, KeyManager, SecurityConfigManager, SigningService } from "@enactprotocol/security";
 import { getFrontendUrl, getApiUrl } from "../utils/config";
+import { EnactToolDefinition } from "../api/types.js";
 
 export interface EnactCoreOptions {
 	apiUrl?: string;
@@ -408,6 +409,43 @@ export class EnactCore {
 		}
 	}
 
+public static async checkToolVerificationStatus(tool: EnactToolDefinition): Promise<boolean> {
+	const documentForVerification = {
+		command: tool.command,
+		description: tool.description,
+		from: tool.from,
+		name: tool.name,
+		signatures: tool.signatures?.map(sig => ({
+			signature: sig.value,
+			publicKey: "", // TODO: Look up the correct public key
+			algorithm: sig.algorithm,
+			timestamp: new Date(sig.created).getTime(),
+		})),
+	};
+	
+	let isValid = false;
+
+	if (tool.signatures && tool.signatures.length > 0) {
+		isValid = tool.signatures.some(sig => {
+			const referenceSignature = {
+				signature: sig.value,
+				publicKey: "", // TODO: Lookup correct public key based on signature UUID
+				algorithm: sig.algorithm,
+				timestamp: new Date(sig.created).getTime()
+			};
+
+			return SigningService.verifyDocument(
+				documentForVerification,
+				referenceSignature,
+				{ includeFields: ['command', 'description', 'from', 'name'] }
+			);
+		});
+	}
+
+	return isValid;
+}
+		
+
 private async verifyTool(tool: EnactTool, dangerouslySkipVerification: boolean = false): Promise<void> {
     if (dangerouslySkipVerification) {
         logger.warn(`Skipping signature verification for tool: ${tool.name}`);
@@ -419,46 +457,42 @@ private async verifyTool(tool: EnactTool, dangerouslySkipVerification: boolean =
 			throw new Error(`Tool ${tool.name} does not have any signatures`);
 		}
 	
-		const documentForVerification = {
-			command: tool.command,
-			description: tool.description,
-			from: tool.from,
-			name: tool.name,
-		};
-
-       	const referenceSignature = {
-				signature: tool.signatures[0].value,
-				publicKey: "", // Correct public key for UUID 71e02e2c-148c-4534-9900-bd9646e99333
-				algorithm: tool.signatures[0].algorithm,
-				timestamp: new Date(tool.signatures[0].created).getTime()
-			};
+		// const documentForVerification = {
+		// 	command: tool.command,
+		// 	description: tool.description,
+		// 	from: tool.from,
+		// 	name: tool.name,
+		// };
+
+       	// const referenceSignature = {
+		// 		signature: tool.signatures[0].value,
+		// 		publicKey: "", // Correct public key for UUID 71e02e2c-148c-4534-9900-bd9646e99333
+		// 		algorithm: tool.signatures[0].algorithm,
+		// 		timestamp: new Date(tool.signatures[0].created).getTime()
+		// 	};
 
         
-        // Check what canonical document looks like
-        const canonicalDoc = SigningService.getCanonicalDocument(documentForVerification,     { includeFields:  ['command', 'description', 'from', 'name'] } 
-);
+//         // Check what canonical document looks like
+//         const canonicalDoc = SigningService.getCanonicalDocument(documentForVerification,     { includeFields:  ['command', 'description', 'from', 'name'] } 
+// );
         
-        const docString = JSON.stringify(canonicalDoc);
-        const messageHash = CryptoUtils.hash(docString);
+//         const docString = JSON.stringify(canonicalDoc);
+//         const messageHash = CryptoUtils.hash(docString);
     
         
-        // Test direct crypto verification
-        const directVerify = CryptoUtils.verify(
-            referenceSignature.publicKey,
-            messageHash,
-            referenceSignature.signature
-        );
+//         // Test direct crypto verification
+//         const directVerify = CryptoUtils.verify(
+//             referenceSignature.publicKey,
+//             messageHash,
+//             referenceSignature.signature
+//         );
         
         // Check trusted keys
         // const trustedKeys = KeyManager.getAllTrustedPublicKeys();
 
-        const isValid = SigningService.verifyDocument(
-            documentForVerification,
-            referenceSignature,
-    		{ includeFields: ['command', 'description', 'from', 'name'] }
-        );
+        const isValid = await EnactCore.checkToolVerificationStatus(tool);
         
-        // console.log("Final verification result:", isValid);
+        console.log("Final verification result:", isValid);
 
         if (!isValid) {
             throw new Error(`Tool ${tool.name} has invalid signatures`);